Every competent family office audits its financial controls annually. Investment performance is reviewed quarterly. Tax filings are checked, rechecked, and filed on time. Insurance policies are renewed. Compliance procedures are tested.

Behavioral health preparedness gets none of this discipline. In most family offices, there is no documented protocol for a mental health crisis. No vetted provider network. No staff training. No communication plan. The assumption is that these situations will be handled when they arise. That assumption is a failure of fiduciary responsibility.

A behavioral health audit is not a clinical exercise. It is an operational assessment — one that complements the broader discipline of fiduciary wellness oversight. It answers a simple question: if a family member experienced a serious behavioral health event tomorrow, would this family office be ready?

The answer, for most offices conducting this audit for the first time, is no.

Why This Audit Matters

Behavioral health events do not announce themselves on a convenient timeline. Substance use escalations, psychiatric emergencies, eating disorders, suicidal ideation — these situations demand immediate, coordinated responses from a multidisciplinary advisory team. The SAMHSA National Helpline is one resource, but a family office cannot rely on a public hotline for coordinated crisis response. The family office that scrambles to find a provider at 2 AM has already failed.

An annual audit creates accountability. It forces the office to examine its readiness with the same rigor applied to financial operations. It surfaces gaps before they become crises. It ensures that staff know their roles, that provider relationships are current, and that legal documents reflect the family's actual circumstances. Research from the American Psychological Association consistently demonstrates that preparedness improves outcomes in behavioral health emergencies.

This is also a matter of fiduciary crisis preparedness. Families that experience behavioral health crises without proper infrastructure in place suffer compounding consequences — clinical, financial, legal, and reputational. The audit is a preventive measure that costs almost nothing relative to the damage it prevents.

The Annual Behavioral Health Audit Framework

This framework is organized into seven assessment domains. Each domain contains specific audit questions. Each question receives a status rating: green (adequate), yellow (partially addressed, needs improvement), or red (absent or critically deficient).

The audit should be conducted annually, ideally in Q1, and results should be documented in a confidential memo with action items and deadlines.

Domain 1: Crisis Preparedness Assessment

This domain evaluates whether the family office can respond to an acute behavioral health emergency within hours, not days.

  • Documented crisis protocols: Does a written, step-by-step crisis response protocol exist? Is it accessible to all relevant staff? When was it last updated?
  • Crisis coordinator designation: Is there a named individual who serves as the primary crisis coordinator? Is there a backup? Do both know their roles?
  • After-hours response capability: Can the office mount a coordinated response at 2 AM on a Saturday? Who gets the call? What is the escalation path?
  • Protocol testing: Has the crisis protocol been tested through a tabletop exercise or simulation in the past 12 months? What did the test reveal?
  • Emergency contact list: Is there a current, secure list of emergency contacts including clinicians, attorneys, family principals, and trusted advisors? When was it last verified?

Domain 2: Provider Network Review

A provider network is only useful if it is current, vetted, and comprehensive. This domain assesses the quality and depth of clinical relationships.

  • Primary clinical contacts: Does the office maintain relationships with at least two psychiatrists, two psychologists or therapists, and one addiction specialist? Are these relationships active, or are they names on a list?
  • Re-vetting schedule: Have all providers been re-vetted in the past 12 months? Are licenses current? Have there been any disciplinary actions, malpractice claims, or changes in practice scope?
  • Geographic coverage: Does the provider network cover all locations where family members reside or frequently travel? Are there gaps in coverage for vacation homes, university towns, or international locations?
  • Specialty coverage: Does the network include specialists for adolescent psychiatry, geriatric behavioral health, eating disorders, trauma, and dual diagnosis? Are there gaps?
  • Treatment facility relationships: Does the office maintain current relationships with at least two residential treatment facilities? Have these facilities been personally visited and vetted within the past 24 months?
  • Coordination with the multidisciplinary advisory team: Are clinical providers integrated with the broader advisory team? Is there a defined communication protocol between clinical and non-clinical advisors?

Domain 3: Family Wellness Indicators

This domain requires discretion. It is not a clinical assessment of individual family members. It is an operational assessment of patterns and trends that the family office should be monitoring.

  • Behavioral patterns: Have any concerning behavioral patterns emerged in the past 12 months? Increased substance use, social withdrawal, erratic financial behavior, relationship instability, or declining engagement with family governance?
  • Life transitions: Are any family members navigating high-risk transitions — divorce, bereavement, retirement, inheritance, college departure, or return from treatment?
  • Preventive measures: What proactive wellness resources are available to family members? Executive health programs, coaching, family therapy, wellness retreats, peer support groups?
  • Rising generation concerns: Are there specific behavioral health considerations for younger family members? Are age-appropriate resources in place? The NAMI resources for young adults provide a useful baseline for what families should have available.
  • Prior incidents: Have there been any behavioral health incidents in the past 12 months, even minor ones? Were they handled well? What lessons were learned?

Domain 4: Staff Capability Assessment

Family office staff are first responders in behavioral health situations, whether they are trained for that role or not. This domain evaluates their readiness.

  • Protocol awareness: Do all relevant staff members know the crisis response protocol? Can they describe the first three steps from memory?
  • Training completion: Have staff completed behavioral health awareness training in the past 12 months? This includes recognizing warning signs, de-escalation basics, and understanding confidentiality requirements.
  • Role clarity: Does each staff member know their specific role during a crisis? Who calls the clinician? Who coordinates logistics? Who manages family communication? Who handles media if necessary?
  • Emotional readiness: Have staff been given resources to manage the emotional toll of supporting families through behavioral health events? Is there a debriefing process after incidents?
  • Staffing structure: Does the family office staffing model include personnel with behavioral health coordination experience or training?

Domain 5: Legal and Compliance Review

Legal documents must anticipate behavioral health scenarios. Too many families discover that their estate plans, trusts, and directives are silent on these issues precisely when they need them most.

  • Powers of attorney: Are durable powers of attorney in place for all adult family members? Do they specifically address healthcare decision-making authority? Are the designated agents appropriate and willing?
  • Advance directives: Do advance directives exist for all adult family members? Do they address psychiatric treatment preferences, including hospitalization, medication, and electroconvulsive therapy?
  • Guardianship provisions: For family members who may require guardianship or conservatorship, have provisions been pre-planned? Are appropriate petitions drafted and ready?
  • Trust provisions: Do trust documents include behavioral health-related provisions? Incentive clauses, substance use conditions, treatment funding mechanisms, trustee discretion guidelines?
  • HIPAA authorizations: Are current HIPAA authorization forms on file allowing appropriate information sharing between family members, the family office, and clinical providers? Has legal counsel reviewed requirements under both HIPAA and HHS mental health privacy guidance?
  • State-specific laws: Has legal counsel reviewed relevant state laws regarding involuntary commitment, guardianship, and mental health parity for all jurisdictions where family members reside?

Domain 6: Technology and Communication Security

Behavioral health information is among the most sensitive data a family office handles. A breach can cause irreparable harm.

  • Secure communication channels: Does the office use HIPAA-compliant messaging platforms for behavioral health communications, as outlined in the family office technology stack framework? Are staff trained on which channels to use?
  • Data storage: Is behavioral health information stored separately from general family office files? Is access restricted on a need-to-know basis?
  • Device security: Are mobile devices used by staff properly encrypted and secured? Could a lost phone expose sensitive behavioral health information?
  • Vendor security: Have third-party technology vendors been assessed for their behavioral health data handling practices?
  • Communication protocols: Are there clear rules about what can be discussed via email, text, phone, or in person? Do staff know not to include clinical details in unsecured communications?

Domain 7: Insurance and Coverage Review

Insurance coverage for behavioral health is notoriously complex. Gaps in coverage can expose the family to significant financial risk and, more importantly, can delay treatment.

  • Coverage adequacy: Does current health insurance provide adequate coverage for inpatient psychiatric treatment, residential addiction treatment, intensive outpatient programs, and long-term therapy?
  • Out-of-network provisions: What are the out-of-network benefits? Most top-tier behavioral health providers do not accept insurance. Is the family prepared for significant out-of-pocket costs?
  • Coverage for all family members: Are all family members covered, including adult children, aging parents, and family members in other jurisdictions?
  • Liability coverage: Does the family's umbrella insurance adequately cover liability scenarios that could arise from a family member's behavioral health crisis?
  • Key person insurance: For family members involved in operating businesses, does key person insurance address behavioral health-related incapacity?

How to Conduct the Audit

The audit is led by the family office principal or chief of staff. It should not be delegated to junior staff. The seriousness of the exercise demands senior leadership.

Participants: The audit team should include the family office principal, a trusted family attorney, and the family's primary wealth advisor. If the family has a behavioral health consultant or care coordinator, include them. Family members are not participants in the audit process. The audit is an operational assessment of the office, not a clinical evaluation of the family.

Timeline: Allow four to six weeks from initiation to final report. Week one is document gathering. Weeks two and three are assessment and interviews. Week four is scoring and drafting findings. Weeks five and six are review, revision, and action planning.

Documentation: All findings are recorded in a confidential audit report. This report is classified at the highest confidentiality level the family office maintains. Distribution is limited to the audit team and designated family principals.

Action items: Every red or yellow finding generates a specific action item with an owner, a deadline, and a follow-up date. Action items are tracked in a secure system and reviewed monthly until resolved.

Scoring Methodology

Each audit question receives one of three ratings:

  • Green — Adequate: The capability exists, is documented, is current, and has been tested or verified within the audit period. No action required beyond ongoing maintenance.
  • Yellow — Partially Addressed: Some elements are in place, but there are gaps, outdated components, or untested procedures. Action required within 90 days.
  • Red — Absent or Critically Deficient: The capability does not exist, is severely outdated, or has never been tested. Immediate action required within 30 days.

Each of the seven domains receives an overall domain rating based on the preponderance of individual question ratings. A domain with any red ratings cannot receive an overall green rating, regardless of how many green ratings it contains.

Prioritizing the Results

Not all gaps are equal. Use this prioritization framework to sequence remediation efforts:

  • Priority 1 — Life safety: Any gap that could delay response to an acute crisis. Crisis protocols, after-hours contacts, emergency communication chains. Address within 30 days.
  • Priority 2 — Legal exposure: Missing or outdated legal documents, HIPAA compliance gaps, insurance coverage shortfalls. Address within 60 days.
  • Priority 3 — Operational readiness: Staff training gaps, provider network deficiencies, technology security weaknesses. Address within 90 days.
  • Priority 4 — Preventive measures: Wellness programming, rising generation resources, family communication improvements. Address within 120 days.

What Most Family Offices Discover

The first audit is sobering. Common findings include:

  • No written crisis protocol exists. The response plan lives in one person's head. If that person is unavailable, the office is paralyzed.
  • The provider list is a collection of names, not a network. Names were gathered years ago. No one has verified credentials, confirmed availability, or built an actual relationship with these providers.
  • Staff have received zero training. They have no idea how to recognize warning signs, what to say, what not to say, or who to call.
  • Legal documents are silent on behavioral health. Powers of attorney exist but do not address psychiatric treatment decisions. Trusts have no provisions for behavioral health scenarios. HIPAA authorizations are missing or expired.
  • Communication security is inadequate. Sensitive behavioral health information has been shared via personal email, unsecured text messages, or in meetings with unauthorized attendees. The cybersecurity infrastructure was never designed with clinical data in mind.
  • Insurance coverage has never been evaluated for behavioral health adequacy. No one has read the behavioral health provisions of the family's insurance policies.
  • No one owns this area. Behavioral health preparedness is not assigned to any specific role in the family office. It falls through the cracks because it belongs to no one.

These findings are not indictments. They are starting points. The purpose of the audit is not to assign blame. It is to create a clear picture of current capabilities and a concrete plan for improvement.

Building the Discipline

The first audit is the hardest. It requires building assessment infrastructure from scratch. Subsequent annual audits are faster because they build on existing documentation and track progress against prior findings.

Over time, the behavioral health audit becomes a standard component of family office operations — as routine as the annual financial audit, as essential as the annual insurance review. Families that engage experienced behavioral health coordination professionals often find that the audit process accelerates, because external specialists bring assessment frameworks refined across multiple family systems. The family office that conducts this audit consistently will be ready when the call comes. The one that does not will scramble, improvise, and hope. Hope is not a strategy.

Start the audit. Document the gaps. Close them. Do it again next year.